List: ipfilter
Subject: RE: Configuration questions
From: Vedran Bender <vedran.bender () ansys ! com>
Date: 2002-11-21 17:12:33
Sir, in order to utilize that type of logging, you need to understand how
the syslog facility works (which is what local0.debug is).
May I suggest reading up on syslog.conf and syslogd? man pages and
http://docs.sun.com are excellent resources to start with.
Meanwhile, to make logging work via the syslog facility, you need to do the
following:

    touch /var/log/ipf.log

Edit the /etc/syslog.conf file and add the following line:

    local0.debug /var/log/ipf.log

Then issue the following command:

    kill -HUP `pgrep syslogd`

Finally, all your rules need to say (an excerpt from my own ruleset
follows):

    pass in log level first local2.info quick on le0 proto tcp from <IP address>/32 to <IP address>/32 port = <port> keep state

A careful examination points out that I'm using a different logging facility
(local2) and a different logging level (info). So, in your situation, it
would be: local0.debug.
-----Original Message-----
From: Alejandro Cabrera [mailto:sisdis@tournet.com.ar]
Sent: Thursday, November 21, 2002 09:03 AM
To: IPFilter (lista)
Subject: Configuration questions
Hello !!!
I tell you that with your help I could install and run IPFILTER on my
SUN/Solaris 7....thanks.
But now a few questions to complete my configuration:
1) In a web page I read that in order to log the IPFilter actions, I have to
edit /etc/syslog.conf file with the following line:
local0.debug /var/log/ipflog
I did it, and then I created the /var/log/ipflog file and configured with
"log" the filtering rules I wanted in /etc/opt/ipf/ipf.conf......but I can't
get any log !!!! what's wrong ???
2) In a machine with 2 or more interfaces and IPFILTER installed, should the
ip_forwarding parameter be set active (ip_forwarding = 1) or disabled
(ip_forwarding = 0)? I ask you this because in my SunScreen firewall
ip_forwarding is equal to 1.
3) Does IPFILTER affect the performance of the services, e.g. web service
???? Because I note that the response time of my web service is longer
now....
Thanks again and regards !!!!!!
Alejandro.
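
Added example, not part of either message: a shell check that the facility.priority named in each ipf rule's "log level" clause is actually written by a selector in syslog.conf, which is the mismatch the reply points out (local2.info in the rule versus local0.debug in syslog.conf). It also flags selector lines that lack a tab before the action, since Solaris syslogd requires tab-separated fields. The function names check_ipf_logging and demo are hypothetical, and the sample file contents are constructed.

```shell
#!/bin/sh
# check_ipf_logging SYSLOG_CONF IPF_CONF
# For every ipf rule carrying "level facility.priority", report whether a
# tab-separated syslog.conf selector would write it. Returns 1 if any is missed.
# Simplified: no m4 macros and no comma-separated facility lists.
check_ipf_logging() {
    awk '
    BEGIN {
        n = split("emerg alert crit err warning notice info debug", p, " ")
        for (i = 1; i <= n; i++) sev[p[i]] = i   # 1 = most severe, 8 = debug
        bad = 0
    }
    FNR == NR {                                   # first file: syslog.conf
        if ($0 ~ /^[ \t]*(#|$)/) next
        if (index($0, "\t") == 0) {               # spaces only: line is unusable
            printf "WARN syslog.conf line %d: no tab before action\n", FNR
            next
        }
        split($0, f, "\t")
        m = split(f[1], s, ";")
        for (i = 1; i <= m; i++)
            if (split(s[i], fp, ".") == 2 && (fp[2] in sev) && sev[fp[2]] > sel[fp[1]])
                sel[fp[1]] = sev[fp[2]]           # keep the least severe threshold
        next
    }
    $0 !~ /^[ \t]*#/ {                            # second file: ipf.conf
        for (i = 1; i <= NF; i++)
            if (split($i, fp, ".") == 2 && (fp[2] in sev)) {
                got = (sel[fp[1]] > sel["*"]) ? sel[fp[1]] : sel["*"]
                ok = (got >= sev[fp[2]])          # selector covers this priority
                if (!ok) bad = 1
                printf "%s rule %d logs to %s\n", (ok ? "OK" : "MISSING"), FNR, $i
            }
    }
    END { exit bad }
    ' "$1" "$2"
}

# Constructed sample files: the selector from the thread and two rules.
demo() {
    d=$(mktemp -d) || return 1
    printf 'local0.debug\t/var/log/ipf.log\n' > "$d/syslog.conf"
    printf '%s\n' \
        'pass in log level local0.debug quick on le0 proto tcp from any to any port = 80 keep state' \
        'pass in log level local2.info quick on le0 proto tcp from any to any port = 22 keep state' \
        > "$d/ipf.conf"
    check_ipf_logging "$d/syslog.conf" "$d/ipf.conf"; rc=$?
    rm -rf "$d"; return $rc
}
```

Calling demo prints OK for the local0.debug rule and MISSING for the local2.info rule, because no selector in the sample syslog.conf names the local2 facility.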